Increase default TOTP secret size to 320 bits (#4287)

Author: Clar Charr

routers/user/setting/security_twofa.go

@@ -76,6 +76,7 @@ func twofaGenerateSecretAndQr(ctx *context.Context) bool {
 	if otpKey == nil {
 		err = nil // clear the error, in case the URL was invalid
 		otpKey, err = totp.Generate(totp.GenerateOpts{
+			SecretSize:  40,
 			Issuer:      setting.AppName + " (" + strings.TrimRight(setting.AppURL, "/") + ")",
 			AccountName: ctx.User.Name,
 		})